SECURE BOOT OVERRIDE IN A COMPUTING DEVICE EQUIPPED WITH UNIFIED-EXTENSIBLE FIRMWARE INTERFACE (UEFI)-COMPLIANT FIRMWARE

US 20140331037A1
Filed: 05/01/2014
Published: 11/06/2014
Est. Priority Date: 05/01/2013
Status: Active Grant

First Claim

Patent Images

1. A method for bypassing a Secure Boot sequence in a computing device equipped with Unified Extensible Firmware Interface (UEFI)-compliant firmware, the method comprising:

beginning, with the UEFI-compliant firmware, execution of a boot sequence for the computing device;

detecting, during execution of the boot sequence, that a Secure Boot configuration setting is enabled;

detecting, during execution of the boot sequence, an indication of a Secure Boot override condition, the indication of the Secure Boot override condition generated after the beginning of the boot sequence;

continuing the boot sequence without signature checking an executable based on the detection of the indication of the Secure Boot override condition, andinvoking the executable.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A firmware-based system and method for detecting an indicator of an override condition during a Unified Extensible Firmware Interface (UEFI) Secure Boot sequence. The indicator of the override condition may be detected based upon the pressing of a specialized button, designated key or keys or other received input that indicates both physical presence of the user and the desire, on the current boot, to bypass UEFI Secure Boot. An embodiment may work for only a single boot, not require access into a setup application, and may be accessed by externally accessible features of the computer system.

26 Citations

View as Search Results

20 Claims

1. A method for bypassing a Secure Boot sequence in a computing device equipped with Unified Extensible Firmware Interface (UEFI)-compliant firmware, the method comprising:
- beginning, with the UEFI-compliant firmware, execution of a boot sequence for the computing device;
  
  detecting, during execution of the boot sequence, that a Secure Boot configuration setting is enabled;
  
  detecting, during execution of the boot sequence, an indication of a Secure Boot override condition, the indication of the Secure Boot override condition generated after the beginning of the boot sequence;
  
  continuing the boot sequence without signature checking an executable based on the detection of the indication of the Secure Boot override condition, andinvoking the executable.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein the executable is an OS loader executable.
  - 3. The method of claim 1, further comprising:
    - generating the Secure Boot override condition using a designated power button on the computing device.
  - 4. The method of claim 1, further comprising:
    - generating the Secure Boot override condition using one or more keystrokes on an input device communicating with the computing device.
  - 5. The method of claim 1, further comprising:
    - generating the Secure Boot override condition by depressing a power button for a pre-specified period of time longer than needed to start the computing device and shorter than a period of time needed to power off the computing device.
  - 6. The method of claim 1, further comprising:
    - generating at least one of a visual or audible indicator that the Secure Boot override condition has been detected.
  - 7. The method of claim 1, further comprising:
    - verifying the authority of a user of the computing device to generate the Secure Boot override condition after detecting the indication of the Secure Boot override condition and before the continuing of the boot sequence.

8. A non-transitory medium holding computer-executable instructions for bypassing a Secure Boot sequence in a computing device equipped with Unified Extensible Firmware Interface (UEFI)-compliant firmware, the instructions when executed causing the computing device to:
- begin, with the UEFI-compliant firmware, execution of a boot sequence for the computing device;
  
  detect, during execution of the boot sequence, that a Secure Boot configuration setting is enabled;
  
  detect, during execution of the boot sequence, an indication of a Secure Boot override condition, the indication generated after the beginning of the boot sequence;
  
  continue the boot sequence without signature checking an executable based on the detection of the indication of the Secure Boot override condition, andinvoke the executable.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The medium of claim 8 wherein the executable is an OS loader executable.
  - 10. The medium of claim 8, wherein the instructions when executed further cause the computing device to:
    - generate the Secure Boot override condition using a designated power button on the computing device.
  - 11. The medium of claim 8, wherein the instructions when executed further cause the computing device to:
    - generate the Secure Boot override condition using one or more keystrokes on an input device communicating with the computing device.
  - 12. The medium of claim 8, wherein the instructions when executed further cause the computing device to:
    - generate the Secure Boot override condition by depressing a power button for a pre-specified period of time longer than needed to start the computing device and shorter than a period of time needed to power off the computing device.
  - 13. The medium of claim 8, wherein the instructions when executed further cause the computing device to:
    - generate at least one of a visual or audible indicator that the Secure Boot override condition has been detected.
  - 14. The medium of claim 8, wherein the instructions when executed further cause the computing device to:
    - verify the authority of a user of the computing device to generate the Secure Boot override condition after detecting the indication of the Secure Boot override condition and before the continuing of the boot sequence.

15. A computing device, comprising:
- an interface for an input device;
  
  a processor;
  
  read-only memory holding Unified Extensible Firmware Interface (UEFI)-compliant firmware configured to execute a boot sequence for the computing device, the UEFI-compliant firmware;
  
  beginning execution of the boot sequence;
  
  detecting, during execution of the boot sequence, that a Secure Boot configuration setting is enabled;
  
  detecting, during execution of the boot sequence, an indication of a Secure Boot override condition, the indication generated after the beginning of the boot sequence;
  
  continuing the boot sequence without signature checking an executable based on the detection of the indication of the Secure Boot override condition, andinvoking the executable.
- View Dependent Claims (16, 17, 18)
- - 16. The computing device of claim 15 wherein the executable is an OS loader executable.
  - 17. The computing device of claim 15, further comprising:
    - a specialized power button that when depressed during the boot sequence causes the generation of the indication of the Secure Boot override condition.
  - 18. The computing device of claim 15 wherein the computing device further comprises:
    - an interface to a display surface with which the computing device is in communication, wherein a visual indicator is generated for display on the display surface based on the detecting of the indication of the Secure Boot override condition.

19. A non-transitory medium holding computer-executable instructions for bypassing a Secure Boot sequence in a computing device equipped with Unified Extensible Firmware Interface (UEFI)-compliant firmware, the instructions when executed causing the computing device to:
- begin, with the UEFI-compliant firmware, execution of a boot sequence for the computing device that detects an expansion card in the computing device;
  
  detect, during execution of the boot sequence, that a Secure Boot configuration setting is enabled;
  
  detect, during execution of the boot sequence, an indication of a Secure Boot override condition, the indication generated after the beginning of the boot sequence;
  
  continue the boot sequence without signature checking a driver for the expansion card based on the detection of the indication of the Secure Boot override condition, andload the driver for the expansion card.
- View Dependent Claims (20)
- - 20. The medium of claim 19, wherein the instructions when executed further cause the computing device to:
    - verify the authority of a user of the computing device to generate the Secure Boot override condition after detecting the indication of the Secure Boot override condition and before the continuing of the boot sequence.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Insyde Software Corp
Original Assignee
Insyde Software Corp
Inventors
LEWIS, Timothy Andrew

Granted Patent

US 11,194,586 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/2
CPC Class Codes

G06F 21/575   Secure boot

G06F 2221/033   Test or assess software

G06F 9/4401   Bootstrapping security arra...

SECURE BOOT OVERRIDE IN A COMPUTING DEVICE EQUIPPED WITH UNIFIED-EXTENSIBLE FIRMWARE INTERFACE (UEFI)-COMPLIANT FIRMWARE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

26 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE BOOT OVERRIDE IN A COMPUTING DEVICE EQUIPPED WITH UNIFIED-EXTENSIBLE FIRMWARE INTERFACE (UEFI)-COMPLIANT FIRMWARE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links